Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcache-fastmmap-perl-1.50/mmap_cache_test.c
Examining data/libcache-fastmmap-perl-1.50/mmap_cache.c
Examining data/libcache-fastmmap-perl-1.50/ppport.h
Examining data/libcache-fastmmap-perl-1.50/mmap_cache_internals.h
Examining data/libcache-fastmmap-perl-1.50/unix.c
Examining data/libcache-fastmmap-perl-1.50/win32.c
Examining data/libcache-fastmmap-perl-1.50/mmap_cache.h

FINAL RESULTS:

data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:263:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(valbuf, v);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:264:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(valbuf, k);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:265:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(valbuf, ve);
data/libcache-fastmmap-perl-1.50/unix.c:219:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(errbuf, 1023, error_string, ap);
data/libcache-fastmmap-perl-1.50/win32.c:30:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/libcache-fastmmap-perl-1.50/win32.c:213:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(errbuf, 1023, error_string, ap);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:25:8:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
double drand48(void) {
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:242:9:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    if (drand48() < ratio) {
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:244:33:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      char * k = kl->keys[(int)(drand48() * kl->n_keys)];
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:260:38:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      char * k = rand_str(10 + (int)(drand48() * 10));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:262:34:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      char * ve = rand_str((int)(drand48() * 200));
data/libcache-fastmmap-perl-1.50/mmap_cache.c:63:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->init_file = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:65:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->test_file = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:67:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->c_page_size = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:69:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->c_num_pages = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:71:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->expire_time = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:75:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->permissions = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:77:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->start_slots = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:79:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->catch_deadlocks = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:81:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cache->enable_stats = atoi(val);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(S_KeyPtr(base_det), key_ptr, key_len);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:499:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(S_ValPtr(base_det), val_ptr, val_len);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:764:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(PTR_ADD(new_kv_data, new_offset), old_base_det, kvlen);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:780:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(base_slots, new_slot_data, slot_data_size);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:781:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(base_slots + new_num_slots, new_kv_data, new_offset);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:1214:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char key[256], val[256];
data/libcache-fastmmap-perl-1.50/mmap_cache.c:1221:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(key, S_KeyPtr(base_det), key_len > 256 ? 256 : key_len);
data/libcache-fastmmap-perl-1.50/mmap_cache.c:1223:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(val, S_ValPtr(base_det), val_len > 256 ? 256 : val_len);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:57:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(val_rtn_ptr, val_ptr, *val_len);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:98:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[65537];
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:223:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    urand_fh = open("/dev/urandom", O_RDONLY);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char valbuf[256];
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:253:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(valbuf, v+10, strlen(k));
data/libcache-fastmmap-perl-1.50/unix.c:57:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    res = open(cache->share_file, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC | O_APPEND, permissions);
data/libcache-fastmmap-perl-1.50/unix.c:88:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fh = open(cache->share_file, O_RDWR);
data/libcache-fastmmap-perl-1.50/unix.c:211:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errbuf[1024];
data/libcache-fastmmap-perl-1.50/win32.c:37:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[MAX_PATH];
data/libcache-fastmmap-perl-1.50/win32.c:45:12:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    return strcat(buf, "sharefile");
data/libcache-fastmmap-perl-1.50/win32.c:204:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errbuf[1024];
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:160:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Set(cache, str1, strlen(str1)+1, str2, strlen(str2)+1);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:160:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Set(cache, str1, strlen(str1)+1, str2, strlen(str2)+1);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:161:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str3 = Get(cache, str1, strlen(str1)+1, &gl);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:162:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(strlen(str2)+1 == gl);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:163:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT(!memcmp(str2, str3, strlen(str2)+1));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:226:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(urand_fh, buf, 8);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:245:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      void * v = Get(cache, k, strlen(k), &val_len);
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:253:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memcpy(valbuf, v+10, strlen(k));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:254:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      valbuf[strlen(k)] = '\0';
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:255:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ASSERT(!memcmp(valbuf, k, strlen(k)));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:268:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Set(cache, k, strlen(k), valbuf, strlen(valbuf));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:268:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Set(cache, k, strlen(k), valbuf, strlen(valbuf));
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:275:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read) {
data/libcache-fastmmap-perl-1.50/mmap_cache_test.c:276:54:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    printf("Read hit pct: %5.3f\n", (double)read_hit/read);
data/libcache-fastmmap-perl-1.50/unix.c:223:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
    strncat(errbuf, ": ", 1024);
data/libcache-fastmmap-perl-1.50/unix.c:224:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(errbuf, strerror(err), 1023);
data/libcache-fastmmap-perl-1.50/win32.c:217:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
    strncat(errbuf, ": ", 1023);
data/libcache-fastmmap-perl-1.50/win32.c:226:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(errbuf, msgBuff, 1023);

ANALYSIS SUMMARY:

Hits = 58
Lines analyzed = 3000 in approximately 0.13 seconds (23150 lines/second)
Physical Source Lines of Code (SLOC) = 1639
Hits@level = [0]  20 [1]  18 [2]  29 [3]   5 [4]   6 [5]   0
Hits@level+ = [0+]  78 [1+]  58 [2+]  40 [3+]  11 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 47.59 [1+] 35.3874 [2+] 24.4051 [3+] 6.71141 [4+] 3.66077 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.